Flexible YubiKey licensing for large organizations
YubiKey Nano FIPS
YubiKey Nano FIPS
Go to YubiKey 5 Nano FIPS
Yubico recommends a spare key
Why is a spare key so important?
It’s best practice to keep at least one spare YubiKey in case your primary is lost or stolen. Having a spare key gives you the assurance that you will not be without access to critical accounts when you need them most. No need to fear being locked out of any accounts, and no need to go through a lengthy recovery and identity verification process to recover them.
Please note that to register your spare key you will need to follow the same process as registering your primary key. Not all services support registering multiple YubiKeys. More information: yubico.com/spare.
About this product
- FIPS 140-2 validated (Overall Level 2, Physical Security Level 3
- The simplest, most effective way to protect your users such as employees against account takeovers
- Deliver an intuitive user experience with a hardware-backed security key that's easy to set up, deploy, and use
- Increase organizational security and reduce helpdesk tickets for password reset or account lockout
The YubiKey FIPS Series is a hardware based authentication solution that provides superior defense against phishing, eliminates account takeovers, and enables compliance requirements for strong authentication. This series of security keys are FIPS 140-2 validated (Overall Level 2, Physical Security Level 3.) and meet the highest authenticator assurance level 3 (AAL3) of NIST SP800-63B guidance.
The YubiKey offers superior security by combining hardware-based authentication and public key cryptography to effectively defend against phishing attacks and eliminate account takeovers. It offers multi-protocol support including Yubico OTP, OATH HOTP, U2F, PIV, and Open PGP. Users have the broadest options for strong authentication including not only two-factor authentication, but also support for single factor passwordless login and multi-factor authentication in conjunction with user touch and PIN .
Easy, Fast and Reliable
The YubiKey provide a simple and intuitive authentication experience that users find easy to use, ensuring rapid adoption and organizational security. With authentication speeds up to 4X faster than OTP or SMS based authentication, the YubiKey does not require a battery or network connectivity, making authentication always accessible.
Reduce IT Operational Costs
The ease of use and reliability of the YubiKey is proven to reduce password support incidents by 92%. This was documented in a research paper by Google, describing the Google employee rollout to more than 70 countries. Deployments are faster and cost less with the YubiKey’s industry leading support for numerous protocols, systems and services.
Modern Authentication from the Industry Leader
The YubiKey is the trusted secure authentication choice for the largest technology, finance, and retail companies in the world. This includes 9 of the top 10 technology companies, 4 of the top 10 US banks, and 2 of the top 3 global retailers. Companies including Google, Facebook, Salesforce and thousands more trust the YubiKey to protect account access to computers, networks and online services.
|Government Certified||FIPS 140-2 Validated (AAL3) of NIST SP800-63B guidance|
|Multi-Protocol||Support for WebAuthn, FIDO U2F, smart card (PIV), Yubico OTP, OpenPGP, OATH-TOTP, OATH-HOTP, and Challenge-Response|
|Configurable||Easily configure multiple protocols across computers, networks, and online applications and services|
|Broad Ecosystem||Deploy instantly with Centrify, Ping, Okta, Google and more|
|Easy to Use||No battery or network connectivity required, users simply insert and tap to authenticate|
|Trusted Partner||The YubiKey is deployed and loved by 9 of the top 10 internet brands and by millions of users|
|Authentication Methods||Strong Two Factor, Strong Multi-Factor|
|Identity & Access Management||AWS Identity and Access Management (IAM), Centrify, Duo Security, Google Cloud Identity, Microsoft Active Directory, Microsoft Azure AD, Okta, Ping Identity|
|Productivity & Communication||Google Account, Microsoft account, Salesforce.com|
|Password Managers||1Password, Keeper®, LastPass Premium, Bitwarden Premium|
|Function||WebAuthn, CTAP1, Universal 2nd Factor (U2F), Smart card (PIV-compatible), Yubico OTP, OATH – HOTP (Event), OATH – TOTP (Time), Open PGP, Secure Static Password|
|Certifications||FIDO Universal 2nd Factor (U2F) Certified, FIPS 140-2 Certified|
|Cryptographic Specifications||RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384|
|Design & Durability||Water Resistant, Crush Resistant, No Batteries Required, No Moving Parts|
|Device Type||FIDO HID Device, CCID Smart Card, HID Keyboard|
|Manufacturing||Made in USA and Sweden|
Frequently Asked Questions
|Do I need the FIPS key to secure my organization?||FIPS stands for Federal Information Processing Standard. The FIPS key is primarily used for companies working in or with regulated industries, usually federal or government agencies. If you do not work in a federal or government space that requires the FIPS 140-2 certification then it is not necessary for your organization. FIPS is a security certification that meets strict security standards. Click here to learn more.|
|Does the YubiKey FIPS work with Active Directory||Yes, the YubiKey can work with Active Directory using the PIV smart card protocol. Visit the Smartcard Deployment guide to set up you YubiKey with Active Directory.|
|Does the YubiKey FIPS work with Windows Hello||At this time, the YubiKey for Windows Hello App is not compatible with YubiKey FIPS series devices. We are looking into options to resolve this. You can use the Windows Logon Tool & Configuration Guide to secure your Windows account.|
|I want to make a bulk order for my business, how can I do that?||The Yubico website has trays of 10 & 50 on the online store. If you are looking to make a purchase of over 500 keys, it is recommended to connect with one of our solutions experts. Contact sales.|
|What browsers are compatible with the YubiKey?||It depends on what protocol the service requires. For OTP (one time password) all major browsers are compatible, including Safari. FIDO U2F (Universal 2nd Factor) support is dependent on the browser and how the service implemented the integration. Google Chrome will work out of the box, while Mozilla Firefox will need to be manually enabled to support U2F, if supported by the service. Other major browsers have not yet made support for U2F protocol. It's recommended to consult with the service's documentation for a broader understanding of what's specfically supported.|
Have more questions? Contact support